Do Not Track

Aleecia M. McDonald's research focuses on the public policy issues of Internet privacy, and includes user expectations for Do Not Track, behavioral economics and mental models of privacy, and the efficacy of industry self regulation. She co-chaired, and remains active in, the WC3’s Tracking Protection Working Group, an ongoing effort to establish international standards for a Do Not Track mechanism that users can enable to request enhanced privacy online.

Arvind Narayanan is an Assistant Professor at Princeton's Department of Computer Science and Center for Information Technology Policy and an Affiliate Scholar at the Stanford Law School Center for Internet and Society. He studies information privacy and security, and has a side-interest in tech policy. His research has shown that data anonymization is broken in fundamental ways, for which he jointly received the 2008 Privacy Enhancing Technologies Award.

Börge is a senior associate at Freshfields Bruckhaus Deringer LLP in Hamburg, Germany. His practice covers IP and IT law, outsourcing, e-commerce, licensing, data protection and privacy, as well as complex commercial law matters. He regularly advises in the context of M&A and carve-out transactions across different industry sectors, with a special focus on technology and healthcare transactions. Börge has worked in New York and London, and often help clients around the world with their projects.

The Stanford Center for Internet and Society, where I am an affiliate scholar, is a thought leader on consumer privacy and a source for potential solutions. The CIS Cookie Clearinghouse, for instance, intends to publish lists of tracking cookies to block or allow based on objective, balanced criteria informed by consumer expectations. According to recent work by Daniel Solove and CIS affiliate scholar Woodrow Hartzog, Federal Trade Commission privacy enforcement is also trending toward upholding what consumers have come to expect regarding their data. Violating consumer expectations around privacy is probably itself a sufficient reason for intervention. Consumers who take steps not to be tracked, or who rely upon representations that they are not being tracked, shouldn't be. My new project, however, asks a different question: Why should consumers worry about being tracked in the first place? What exactly is the harm here?

Our recent research on Google’s circumvention of the Safari cookie blocking feature has led to some confusion, in part owing to the company’s statement in response (reproduced in its entiretybelow). This post is an attempt to elucidate the central issues. As with the original writeup, I aim for a neutral viewpoint in the interest of establishing a common factual understanding.

Yesterday the Digital Advertising Alliance (DAA) announced a supplementary set of self-regulatory principles for third parties on the web (pdf, press release). This post is a brief — and far from comprehensive — overview of improvements, continued deficiencies, and procedural issues.

“Stop spreading lies about Iran on Facebook,” hissed the message written in Farsi and sent to Hamid, an Iranian-American graduate in California. We know where to find you, the anonymous writer warned: “Watch out, we will come after you.” Hamid was shocked: he thought the change he’d made to his Facebook photo – replacing it with a symbol of solidarity with the Iranian opposition – could be viewed only by people he’d “friended”.

Pages

Have you ever borrowed a smartphone without asking? Modified a URL? Scraped a website? Called an undocumented API? Congratulations: you might have violated federal law! A 1986 statute, the Computer Fraud and Abuse Act (CFAA), provides both civil and criminal remedies for mere "unauthorized" access to a computer.

Jonathan Mayer is a computer science Ph.D. student and 3L at Stanford University. He graduated from Princeton University in 2009 with a concentration in the Woodrow Wilson School of Public and International Affairs. Jonathan's area of study encompasses the intersections of policy, law, and computer science - with particular emphasis on national security and international relations.

As part of the Global Data Protection policy workshop at this year’s Privacy Identity Innovation conference, we hosted a session titled “Data Collection and Consent: Next Steps for Digital Advertising” that looked at the status of the do not track debate, what might happen going forward and the impact these efforts may have on consumers and companies.

Have you ever borrowed a smartphone without asking? Modified a URL? Scraped a website? Called an undocumented API? Congratulations: you might have violated federal law! A 1986 statute, the Computer Fraud and Abuse Act (CFAA), provides both civil and criminal remedies for mere "unauthorized" access to a computer.